New Phishing Alert: Fake Email Appearing as Google Support

You may be used to learning about recent phishing and scam attacks from this account, so today I will post about a very strange and dangerous new scam that I saw!

What would you do if Google sent you an email that, after your first checks, you considered valid?

I saw this post on X - so I am sharing this with all of you with a reminder.

We can never, ever be too safe. We need to keep our eyes and ears open for everything that may happen around us.

This phishing attack exploits a vulnerability in Google's infrastructure, as per the tweet by Nick, who received the email below, allegedly from Google.

Nick is the lead developer of ENS and an Ethereum Foundation alum.

Nick noted that this appears as a valid, signed email and was, in reality, sent from [email protected].

It passes the DKIM signature check, and Gmail displays it without any warnings. It even puts it in the same conversation as other, legitimate security alerts.

What is even more concerning is that the user is directed to a portal named sites. google . com, which will probably lead users to consider it legitimate.

The next step is that the user is asked to enter their Google credentials and, most probably, when they do, these are received by the scammers, who can then do anything they want with them.

This is another very sophisticated scam and proves that we can never be too safe online.
You can read the thread here for more details, and if you need to remember one thing from today's post, it is that we are not safe.

When it comes to any online communication, we should consider it as

Unsafe until proven otherwise. (or unsafe - simple as that)

Did you receive anything similar?
I hope that this post will be useful!

5 comments
@katerinaramm, You have received 1.0000 LOH for posting to Ladies of Hive.
We believe that you should be rewarded for the time and effort spent in creating articles. The goal is to encourage token holders to accumulate and hodl LOH tokens over a long period of time.

One could easily get the scam because

  • a subpoena was issued, but it's generic, much too generic
  • my Google account does not have my real name and surname, how could they issue a subpoena about my data without a real name? 😂

These scammers and their tricks keep evolving every day… people who are not schooled in these things could easily fall prey.
Thanks for shedding this… another one to look out for

Did you receive anything similar?

I receive such types of phishing emails every day, but different kinds of them; thanks for sharing your type Coach!


The bottom line is that you should always check the URL where they ask for credentials. With anything Google it should be accounts.google.com. But even that is not bulletproof, as they can register domain names using similar Unicode characters (like using an alpha char instead of a).

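The URL check described in the last comment, written out as an added example that is not part of the original post or its comments. The helper name `classify_login_url` and all sample URLs are constructed for illustration; the only value taken from the page is the expected host, accounts.google.com.

```python
from urllib.parse import urlsplit

# Per the last comment: Google credentials belong on this exact host only.
EXPECTED_LOGIN_HOST = "accounts.google.com"

def classify_login_url(url: str) -> str:
    """Hypothetical helper: 'ok', or the reason not to type credentials here."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # host only, lower-cased
    except ValueError:
        return "unparseable"
    if parts.scheme != "https":
        return "not-https"
    if not host:
        return "no-host"
    # Lookalike characters can only appear as non-ASCII text or as the
    # "xn--" (punycode) form a browser puts on the wire. Refuse both.
    if not host.isascii():
        return "non-ascii-host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode-host"
    if host == EXPECTED_LOGIN_HOST:
        return "ok"
    # Exact match, not "ends with google.com": sites.google.com hosts
    # user-created pages (Google Sites), as in the email described above.
    if host == "google.com" or host.endswith(".google.com"):
        return "google-domain-but-not-login-host"
    return "foreign-host"

# Constructed sample URLs (not taken from the real campaign).
LOOKALIKE = "accounts.g\u03bf\u03bfgle.com"  # Greek omicron instead of "o"
SAMPLES = [
    "https://accounts.google.com/signin",
    "https://sites.google.com/view/constructed-example",
    "https://" + LOOKALIKE + "/signin",
    "https://" + LOOKALIKE.encode("idna").decode("ascii") + "/signin",
    "http://accounts.google.com/signin",
]

def classify_all(urls=SAMPLES):
    return [classify_login_url(u) for u in urls]

if __name__ == "__main__":
    for url, verdict in zip(SAMPLES, classify_all()):
        print(f"{verdict:34} {url!r}")
```

The third and fourth samples are the same lookalike name in its displayed and encoded forms, which is why both are rejected before the exact-host comparison.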